(in-package :TRAPS)
; Generated from #P"macintosh-hd:hd3:CInterface Translator:Source Interfaces:AuthorizationDB.h"
; at Sunday July 2,2006 7:27:07 pm.
; 
;  * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved.
;  * 
;  * The contents of this file constitute Original Code as defined in and are
;  * subject to the Apple Public Source License Version 1.2 (the 'License').
;  * You may not use this file except in compliance with the License. Please obtain
;  * a copy of the License at http://www.apple.com/publicsource and read it before
;  * using this file.
;  * 
;  * This Original Code and all software distributed under the License are
;  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
;  * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
;  * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
;  * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
;  * specific language governing rights and limitations under the License.
;  
; 
;  *  AuthorizationDB.h -- APIs for managing the authorization policy database
;  *  and daemons.
;  
; #ifndef _SECURITY_AUTHORIZATIONDB_H_
; #define _SECURITY_AUTHORIZATIONDB_H_

(require-interface "Security/Authorization")

(require-interface "CoreFoundation/CoreFoundation")

; #if defined(__cplusplus)
#|
extern "C" {
#endif
|#
; !
; 	@header AuthorizationDB
; 	Version 1.0
; 
; 	This API allows any program to get, modify, delete and add right definitions in the policy database.  Meta-rights specify whether, and what, authorization is required to make these modifications.
; 	
; 	AuthorizationRightSet(NULL, "com.ifoo.ifax.send", CFSTR(kRuleIsAdmin), CFSTR("You must authenticate to send a fax."), NULL, NULL)
; 
; 	Adds a right that lets admins send faxes by delegating to a canned (pre-specified) rule that authorizes everyone who is an admin.
; 	
; 	AuthorizationRightSet(NULL, "com.ifoo.ifax.send", [[CFSTR(kRightRule), CFSTR(kRuleIsAdmin)], [CFSTR(kRightComment), CFSTR("authorizes sending of 1 fax message")]], CFSTR("Authorize sending of a fax"), NULL, NULL)
; 
; 	add identical rule, but specify additional attributes this time.
; 
; 	When specifying a comment, be specific about what is being authorized (1 fax) and phrase it as a general message for the user.  Do not include the means of proof required for kRuleIsAdmin (entering a username/password, for example), since that could be configured differently.
; 
; 
; !	@define kRightRule
; 	Rule delegation key.  Instead of specifying exact behavior, a right definition can
;    name one of the canned rules that are shipped; these may be switched by configurable security.
; 
(defconstant $kAuthorizationRightRule "rule")
; #define kAuthorizationRightRule						"rule"
; Note: the header-doc tags below use short names (kRuleIsAdmin, ...), while the
; constants actually defined carry the kAuthorizationRule... prefix.
; ! @defined kRuleIsAdmin
; 	Canned rule value for use with rule delegation definitions: require user to be an admin.
; 
(defconstant $kAuthorizationRuleIsAdmin "is-admin")
; #define kAuthorizationRuleIsAdmin					"is-admin"
; ! @defined kRuleAuthenticateAsSessionUser
; 	Canned rule value for use with rule delegation definitions: require user to authenticate as the session owner (logged-in user).
; 
(defconstant $kAuthorizationRuleAuthenticateAsSessionUser "authenticate-session-user")
; #define kAuthorizationRuleAuthenticateAsSessionUser	"authenticate-session-user"
; ! @defined kRuleAuthenticateAsAdmin
; 	Canned rule value for use with rule delegation definitions: require user to authenticate as admin.
; 	NOTE(review): the wording differs from "is-admin" (be an admin vs. authenticate as admin);
; 	confirm against the shipped rule definitions which of the two demands fresh proof of
; 	identity before delegating a sensitive right to either.
; 
(defconstant $kAuthorizationRuleAuthenticateAsAdmin "authenticate-admin")
; #define kAuthorizationRuleAuthenticateAsAdmin		"authenticate-admin"
; ! @defined kAuthorizationRuleClassAllow
; 	Class that allows anything.  A right defined with this class places no requirement
; 	on the requester, so reserve it for operations that need no protection.
; 
(defconstant $kAuthorizationRuleClassAllow "allow")
; #define kAuthorizationRuleClassAllow			"allow"
; ! @defined kAuthorizationRuleClassDeny
; 	Class that denies anything.
; 
(defconstant $kAuthorizationRuleClassDeny "deny")
; #define kAuthorizationRuleClassDeny				"deny"
; ! @defined kAuthorizationComment
; 	Key for comments addressed to the administrator about what is being customized here,
; 	as opposed to the (localized) descriptions presented to the user.
; 
(defconstant $kAuthorizationComment "comment")
; #define kAuthorizationComment	"comment"
; !
; 	@function AuthorizationRightGet 
; 	
; 	Retrieves a right definition as a dictionary.  There are no restrictions to keep anyone from retrieving these definitions.  
; 
; 	@param rightName (input) the rightname (ASCII).  Wildcard rightname definitions are okay.
; 	@param rightDefinition (output/optional) the dictionary with all keys defining the right.  See documented keys.  Passing in NULL will just check if there is a definition.  The caller is responsible for releasing the returned dictionary.
; 
; 	@result errAuthorizationSuccess 0 No error.
; 
; 	errAuthorizationDenied -60005 No definition found.
; 
; 

; Trap declaration for AuthorizationRightGet: looks up a right definition in the
; policy database.  Takes no authorization reference; the header comment states that
; retrieval is unrestricted, so treat stored definitions and comments as readable by
; any program.
; Returns an SInt32 status.  Per the header comment, -60005 (errAuthorizationDenied)
; from this call means "no definition found", not that access was refused.
(deftrap-inline "_AuthorizationRightGet" 
   ; rightName: C string naming the right (ASCII per the header comment).
   ((rightName (:pointer :char))
    ; rightDefinition: out-parameter receiving a CFDictionaryRef.  Per the header
    ; comment it may be NULL to only test for existence, and the caller must
    ; release a returned dictionary.
    (rightDefinition (:pointer :CFDictionaryRef))
   )
   :SInt32
() )
; !
; 	@function AuthorizationRightSet
; 	
; 	Create or update a right entry.  Only normal rights can be registered (wildcard rights are denied); wildcard rights are considered to be put in by an administrator putting together a site configuration.
; 
; 	@param authRef (input) authRef to authorize modifications.
; 	@param rightName (input) the rightname (ASCII).  Wildcard rightnames are not okay.
; 	@param rightDefinition (input) a CFString of the name of a rule to use (delegate) or CFDictionary containing keys defining one.
; 	@param descriptionKey (input/optional) a CFString to use as a key for looking up localized descriptions.  If no localization is found this will be the description itself.
; 	@param bundle (input/optional) a bundle to get localizations from if not the main bundle.
; 	@param localeTableName (input/optional) stringtable name to get localizations from.
; 	
; 	@result errAuthorizationSuccess 0 added right definition successfully.
; 
; 	errAuthorizationDenied -60005 Unable to create or update right definition.
; 
; 	errAuthorizationCanceled -60006 Authorization was canceled by user.
; 
; 	errAuthorizationInteractionNotAllowed -60007 Interaction was required but not possible.
; 
; 

; Trap declaration for AuthorizationRightSet: creates or updates a right entry in the
; policy database.
; Returns an SInt32 status.  Per the header comment: 0 on success, -60005 when the
; definition could not be created or updated, -60006 when the user canceled, -60007
; when interaction was required but not possible.  Callers should check the status
; rather than assume the right was registered.
(deftrap-inline "_AuthorizationRightSet" 
   ; authRef: authorization reference used to authorize the modification.
   ((authRef (:pointer :AuthorizationOpaqueRef))
    ; rightName: C string naming the right (ASCII); wildcard names are not accepted
    ; per the header comment.
    (rightName (:pointer :char))
    ; rightDefinition: declared as an untyped pointer because the header accepts
    ; either a CFString rule name or a CFDictionary of keys; this declaration does
    ; not distinguish the two, so the caller must pass one of those object kinds.
    (rightDefinition (:pointer :void))
    ; descriptionKey (optional): lookup key for the localized description; used as
    ; the description itself when no localization is found.
    (descriptionKey (:pointer :__CFString))
    ; bundle (optional): bundle to take localizations from if not the main bundle.
    (bundle (:pointer :__CFBundle))
    ; localeTableName (optional): string table name to take localizations from.
    (localeTableName (:pointer :__CFString))
   )
   :SInt32
() )
; !
; 	@function AuthorizationRightRemove
; 
; 	Request to remove a right from the policy database.
; 
; 	@param authRef (input) authRef, to be used to authorize this action.
; 	@param rightName (input) the rightname (ASCII).  Wildcard rightnames are not okay.
; 	
; 

; Trap declaration for AuthorizationRightRemove: requests removal of a right from the
; policy database.
; Returns an SInt32 status.  The header comment lists no @result values for this
; function.  NOTE(review): presumably the same errAuthorization* codes as
; AuthorizationRightSet apply -- confirm, and check the status before assuming the
; right is gone.
(deftrap-inline "_AuthorizationRightRemove" 
   ; authRef: authorization reference used to authorize the removal.
   ((authRef (:pointer :AuthorizationOpaqueRef))
    ; rightName: C string naming the right (ASCII); wildcard names are not accepted
    ; per the header comment.
    (rightName (:pointer :char))
   )
   :SInt32
() )

; #if defined(__cplusplus)
#|
}
#endif
|#

; #endif /* !_SECURITY_AUTHORIZATIONDB_H_ */


(provide-interface "AuthorizationDB")